3 Sites on Site-to-Site VPN Auto IPsec vs Manual IPsec
Hi everyone, I'm new to Omada and a part of a small company looking to provide a doctor and his 3 surgeries with a site-to-site VPN, so i have quite a few questions.
Just to give some background, the current network is already connected site to site but with unifi equipment via towers. All three branches are under a 192 and 172 IP range with the 192 being the primary connection and 172 the failover. Our main concern when setting up the new VPN is their stock system which is on the 172 range, we need those devices to be able to communicate branch to branch.
So the original plan was to get 3 ER707-M2's and 3 PCs to act as controllers for each (although I found out only one is acually needed) and then connect all 3 sites via S2S VPN. I have heard all 3 sites need to have unique IP ranges which makes sense and that Auto IPsec can only be used if all 3 VPN routers are managed by 1 controller, so if we need to do Manual IPsec it's not an issue
My questions basically are:
1. Is the S2S VPN possible with the same IP ranges for all 3 branches?
2. Is it necessary for 3 Controllers for each router and if there are 3 controllers under the same tp-link account, would that affect the VPN in any way?
3. Lastly, if unique IP ranges are required for each site, should it just be a case of changing the stock system devices IPs to match and then they'll be able to communicate via the VPN?
Note: We'll have more than 1 ISP on each branch to provide failovers and we won't be using any public IPs (but are willing to get public IPs if it is required)
Thanks for posting in our business forum.
1. No. Conflict.
2. 3 controller is not necessary. 1 can take control but you have to make sure the connection is stable.
3. Don't understand. Subnet is supposed to be different. Refer to 1.
4. Of course, the public IP is needed for any VPN connection. Site-to-site requires both sites to have a public IP.